Framework: Move to 2.17.2 of is-my-json-valid #23367

Merged 1 commit on Mar 16, 2018

blowery commented Mar 16, 2018

Avoids a REDOS attack in 2.17.1

blowery requested a review from a team March 16, 2018 16:19
blowery added the Framework, [Status] Needs Review, and Security labels Mar 16, 2018

samouri commented Mar 16, 2018

Is there anything I should explicitly test here? The diff looks very safe

samouri left a comment

I don't think this REDOS attack is a huge concern for us (yet). The only JSON we validate against are schemas in our own repo.

I did a basic smoke test and things LGTM.
Reshrinkwrap and 🚢

Avoids a REDOS attack in 2.17.1
blowery force-pushed the update/is-my-json-valid branch from 3b74f4a to 4dff61f March 16, 2018 17:52
blowery merged commit 1c73cb6 into master Mar 16, 2018
blowery deleted the update/is-my-json-valid branch March 16, 2018 18:42
matticbot removed the [Status] Needs Review label Mar 16, 2018
rclations pushed a commit that referenced this pull request Mar 18, 2018